
VX Heaven


Source code of computer viruses

H8YOurNMEs - Virus for MS-DOS by Sepultura


Author's comments

Before you, you have the third virus I have released. It is a .CO? infector of COM type files. 1173 bytes long. Some may scoff at this virus and its simplicity. Admittedly the code is full of rubbish, redundant instructions, and poor programming techniques. However life is an ongoing learning process. I have written approximately 20 viruses. This however is only the third I have released. This is because the other 17 or so were once again part of the learning process and were simply programming exercises. Those who scoff can wallow in their foolishness and lack of appreciation of the pursuit of knowledge.

But now on to the virus. This virus infects on ah=4b, ah=6c, ah=3c, ah=3d / int 21. It therefore is fairly virulent. It marks infected files using the typical adding 100 to the years field. On ah=11, ah=12, ah=4e, ah=4f / int 21, the virus intercepts and restores the original file length and date. This is my first size stealthing virus, and was one of my two goals in writing this. The size stealthing is _SLIGHTLY_ different from any other size stealther I have seen before. This is because 11, 12, 4e, 4f all share the same handler rather than having a separate one for FCB's and ASCII's. This is also slightly smaller. When a file starting with 'F-', 'IV', 'ND' or ending with 'SK', 'AV' is executed the stealth and infection will be disabled until the program terminates.

It tunnels through int 21 code, but instead of using a typical cmp seg, wanted_seg / jb found_seg it searches for the segment that is terminated with an IRET, and returns the entry point of that segment. This is more effective when DOS is loaded high. The second goal of writing this virus is to write a virus with no heuristic flags, which is _NOT_ encrypted. This works perfectly with TBAV and (of course) F-PROT, but alas, I still cannot beat AVP. My regards to the authors for writing one of the few decent AV programs out there. The virus will use UMB's if they are available. The reason I am not using encryption is because I do not have time to write a polymorphic engine, and in my opinion normal encryption is as effective as no encryption, because there is still a search string. There is nothing else remarkable about this virus. It requires the A86 assembler.

Greets: Qark, M3t4bolis (ill stay awake longer then u on irc 1day =)) Slash, The Unforgiven, Redback.

BTW: Sepultura: (Latin) One who is burying, putting in the grave.
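
A defensive check for the infection marker described in the comments above, as an added example that is not part of the original page or of the virus source. It reads raw 32-byte FAT directory entries (for instance from a disk image or after a clean boot) rather than asking DOS, because the comments say the resident handler restores the original length and date in directory searches. Assumptions: the "years field" is the 7-bit year in the entry's packed date, each infected file grows by exactly the stated 1173 bytes, and the sample entries are constructed.

```python
import struct

VIRUS_LEN = 1173   # virus length stated in the author's comments (assumed growth per file)
YEAR_MARK = 100    # infection marker: 100 added to the year field
# 32-byte FAT entry: name, ext, attr, reserved, time, date, cluster, size
ENTRY = struct.Struct("<8s3sB10sHHHI")

def make_entry(name, ext, year, month, day, size):
    """Build a constructed directory entry (sample data, not from a real disk)."""
    packed = ((year - 1980) << 9) | (month << 5) | day
    return ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                      0x20, b"\0" * 10, 0, packed, 0, size)

def scan_directory(raw):
    """Flag .CO? files whose on-disk year field carries the +100 marker."""
    findings = []
    for off in range(0, len(raw) - ENTRY.size + 1, ENTRY.size):
        name, ext, attr, _, _, fdate, _, size = ENTRY.unpack_from(raw, off)
        if name[0] == 0x00:                  # end-of-directory marker
            break
        if name[0] == 0xE5 or attr & 0x18:   # deleted, volume label/LFN, or subdirectory
            continue
        year_field = fdate >> 9              # 7 bits: years since 1980
        if ext[:2] == b"CO" and year_field >= YEAR_MARK:
            findings.append({
                "name": name.decode("ascii", "replace").rstrip() + "."
                        + ext.decode("ascii", "replace").rstrip(),
                "raw_year": 1980 + year_field,
                "shown_year": 1980 + year_field - YEAR_MARK,  # value a stealthed listing reports
                "raw_size": size,
                "shown_size": size - VIRUS_LEN,
            })
    return findings

# Constructed sample directory: one clean file, one marked file, one non-.CO? file.
SAMPLE = b"".join([
    make_entry("CLEAN", "COM", 1995, 3, 14, 5000),
    make_entry("GAME", "COM", 2095, 3, 14, 5000 + VIRUS_LEN),
    make_entry("README", "TXT", 2095, 3, 14, 800),
    bytes(32),
])

if __name__ == "__main__":
    for f in scan_directory(SAMPLE):
        print(f"{f['name']}: on-disk year {f['raw_year']} (listed as {f['shown_year']}), "
              f"on-disk size {f['raw_size']} (listed as {f['shown_size']})")
```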

